Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.5.3
Affects Version/s: 2.4.0-rc0
Component/s: Security, Tools
Labels:
None

Operating System:
ALL
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

If the mongod server is started with the --sslCAFile option (Certificate Authority file for SSL), it is impossible to connect to the server from the mongotools (mongodump, mongoexport, etc.).

If a tool tries to connect, the server will log (as expected):

Fri Feb 22 16:10:51.393 [conn3] ERROR: no SSL certificate provided by peer; connection rejected
Fri Feb 22 16:10:51.393 [conn3] SocketException handling request, closing client connection: 9001 socket exception [6]

Workaround: run the mongod with --sslWeakCertificateValidation (allow client to connect without presenting a certificate). With this option, if a client presents a certificate, it must present a certificate that is valid by the CA. However, clients are allowed to successfully connect if they present no certificate at all.

Fix: add support for these cmd line options.

is duplicated by

SERVER-8681 add SSL support to all mongo tools

Closed

is related to

SERVER-11127 Add more tests for ssl client options

Closed

Assignee:: Shaun Verch (Inactive)
Reporter:: Daniel Pasette (Inactive)
Participants:: auto, Daniel Pasette, Shaun Verch
Votes:: 1 Vote for this issue
Watchers:: 9 Start watching this issue

Created:: Feb 22 2013 09:20:42 PM UTC
Updated:: Jun 16 2014 09:40:05 PM UTC
Resolved:: Oct 11 2013 08:06:10 PM UTC

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates